Zoom is facing more consequences for its earlier privacy and security lapses. Reuters reports that Zoom has agreed to pay $85 million to settle a lawsuit accusing the video chat giant of violating privacy and enabling "zoombombing" (that is, trolls dropping into others' chats). The preliminary settlement also requires tougher security measures, such as warning about participants with third-party apps and offering special privacy-oriented training to Zoom staff.
Judge Lucy Koh said the company was largely protected against zoombombing claims thanks to the Communications Decency Act's Section 230 safeguards against liability for users' actions.
The settlement could also lead to payouts if the lawsuit achieves a proposed class action status, but don't expect a windfall. Subscribers would receive a refund of either 15 percent or $25, whichever was larger, while everyone else would receive as much as $15. Lawyers intended to collect up to $21.25 million in legal costs.
In a statement, Zoom denied doing anything wrong and said that privacy and security were "top priorities." The company previously agreed to settle a Federal Trade Commission complaint over similar privacy issues, including the permanent web server it installed on Macs.
Zoom scrambled to bolster security for its video chats after a surge in pandemic-related use drew attention to vulnerabilities in its software and services. It started rolling out end-to-end encryption in October 2020, conducted reviews and made zoombombing more difficult. The improvements were too late for some users, though, and it's safe to say the settlement is a warning to companies that only belatedly tighten security for their apps.